Industry experts have been saying for years that hackers could target critical infrastructure, including transportation, industrial control, and power systems. But with a recent attack on a Ukrainian power grid, a group of hackers widely believed to be Russian has moved us from the realm of “could” to “can.” Here’s everything you need to know about the attack.

What Happened in Ukraine?

On December 23rd, blackouts moved across the Ivano-Frankivsk region of Ukraine, leaving around half of the region’s 1.4 million people without power, according to early reports. The details of the attack are still being worked out, but it appears that a group of Russian hackers launched a coordinated, multi-part attack on several regional power distribution centers.

In addition to attacking the distribution centers directly, the attackers also flooded the utilities’ phone systems, preventing customers from reporting the outages, and took steps to make it harder for technicians to detect and diagnose the outage.

The BlackEnergy malware linked to the attack has been used in a number of attacks against Ukrainian targets over the past year, including an attack on Ukrainian media companies in the run-up to the Ukrainian election. Russia and Ukraine have been engaged in an ongoing cyber war, with both sides launching numerous attacks, from cyber espionage and monitoring CCTV cameras to DDoS attacks and freezing funds in PayPal accounts.

The malware used in the attack was found on several power companies’ computers earlier in the year, indicating that the hack was likely planned well in advance, a conclusion supported by the complexity of the attack across multiple systems. It’s possible that the original intention was to black out the entire country.

Who – or What – Is Sandworm?

Sandworm is the name of the hacking group widely thought to be behind this attack. The BlackEnergy malware is strongly linked to this group, which hides references to Frank Herbert’s classic science fiction novel Dune in its code (the name Sandworm refers to the giant creatures of that novel).

Because the group’s targets have largely been opponents of Russia, there’s been some speculation over whether it might have the backing of the Russian government, which would make these attacks an even more serious matter. Of course, assigning blame for attacks like this is very complicated; at the moment, we’re not certain that Sandworm is behind the attack, much less the Kremlin.

Is the United States at Risk?

The US and Russia’s historically rocky relationship has a lot of people wondering whether the US is prepared for this type of attack, and the general answer of “no” is worrying. Of course, with some of the top cybersecurity experts in the world working for the NSA, the US has some of the best defenses out there, but the fact remains that this is an unprecedented attack.

In addition to Russia’s evident capabilities in cyberwarfare, the fact that much of US critical infrastructure is outdated, especially when it comes to cybersecurity, is also very concerning. In 2014, Daniel Ross, CEO of security software company Promisec, told Forbes that critical infrastructure systems are at risk because “most of them run very old or potentially unpatched versions of Windows, due to the fact that they are not taken down very often.”

The US Government Accountability Office has also made similar statements, with cyber critical infrastructure and federal information systems making its “high-risk” list in 2015. In short, yes, the US is probably at risk.

Without a devastating cyber attack, it seems unlikely that legislators will be willing to dedicate the huge amount of money it will take to properly defend US critical infrastructure and federal information systems from large-scale attacks like the one perpetrated in Ukraine. We can only hope that this event serves as an example to those in charge of cyber defense and catalyzes them to take stronger action on critical infrastructure security.

The Take-Aways

Cyberwarfare is advancing rapidly, and the ability to specifically target pieces of critical infrastructure with a multi-phase, highly planned attack has now been clearly demonstrated. We don’t know for sure if Russia was behind it, but it looks like a Russian hacking gang, possibly with the support of the Russian government, was the originator of the attack. And the US is not prepared to defend against such an attack.

What comes after power grids? Attacks on specific buildings or facilities? Military bases, maybe? Hospitals? Defense contractors? Unfortunately, the possibilities seem almost limitless, and all we can do is wait and see. How Russia, Ukraine, and the US move forward may very well have significant effects for worldwide cyberwarfare.

Does this attack on Ukraine’s power grid make you nervous? Do you feel that your country is sufficiently worried about cyber security? Or do you think this will be a wake-up call around the world? Share your thoughts below!

Yeah, it's tough to stay ahead of threats like these. I would imagine that a threat of this type, that targets something that spans the public and private sectors, will be especially difficult to head off before something bad happens. Hopefully the Ukraine event will galvanize people!

Dann is MakeUseOf's Creative editor. After an MA (and most of a PhD) in psycholinguistics, he fully committed to digital and print journalism. With over 10 years of professional writing experience, he's written about everything from cognitive science to mountain biking.